Ask the Experts

Ask the Experts

• Does .cc domain malware demand domain blocking?

  Learn how to deal with .cc domain malware threats found within DNS traffic. Is domain blocking at the perimeter the best defense strategy?  Continue Reading

• Print-management software security starts with a private IP address

  Print-management software shouldn’t provide a great risk to a company provided it uses a private IP address, says expert Mike Chapple.  Continue Reading

• Network topology mapping: How to automate network documentation

  Network topology mapping to boost security can be time-consuming. Learn how to automate network documentation with network management tools.  Continue Reading

• UTM devices: Efficient security or a firewall failure risk?

  UTM devices provide more protection than a simple firewall, but do they increase the risk of an enterprise firewall failure?  Continue Reading

• IE automatic updates: Better security or more update fatigue?

  Expert Michael Cobb deciphers the reasons behind Microsoft's new IE automatic updates. Will they combat update fatigue, or risk breaking Web apps?  Continue Reading

• Web browser security comparison: Are Firefox security issues legit?

  Expert Mike Cobb reacts to a Google-funded Web browser security comparison and whether it highlights legitimate enterprise Firefox security issues.  Continue Reading

• SIEM vs. DAM technology: Enterprise DAM implementation best practices

  Mike Cobb analyzes the differences between a SIEM and DAM implementation and how to successfully configure an enterprise DAM.  Continue Reading

• The switch to HTTPS: Understanding the benefits and limitations

  Expert Mike Cobb explains the value and limitations of HTTPS, and why making the switch to HTTPS may be easier than it seems.  Continue Reading

• Webmail forensics: Investigating issues with email forwarding security

  Expert Mike Cobb discusses webmail forensics possibilities for dealing with the aftermath of an issue involving an email forwarding security breach.  Continue Reading

• Inside the W3C Web security standards to prevent cross-site scripting

  Expert Mike Cobb details the W3C Web security standards designed to foster a content security policy and help prevent cross-site scripting attacks.  Continue Reading

• What are the best tools for enterprise Windows security logs analysis?

  Expert Mike Cobb provides some of the best Windows security log tools available for the enterprise.  Continue Reading

• Mobile device protection: How to thwart SMS Trojans

  Expert Nick Lewis explains how to properly secure a smartphone in order to thwart Trojans that steal SMS messages.  Continue Reading

• BIOS security: Are BIOS attacks worth defending against?

  Expert Nick Lewis analyzes the risk of a BIOS attack in juxtaposition to the irritation and expense of securing a network against this threat.  Continue Reading

• Exploring Google Chrome Frame security and legacy Web applications

  Can legacy Web applications benefit from the Google Chrome Frame security and interoperability capabilities? Nick Lewis gives his take.  Continue Reading

• How to protect a website from malware redirects

  Malware redirects are a serious hazard in the jungle of infiltration exploits; Nick Lewis explains how they can be avoided.  Continue Reading

• RTP attacks: How to prevent enterprise data exfiltration

  How big of an issue are RTP attacks in the context of all attacks via covert channels? Nick Lewis looks at tunneling for enterprise data exfiltration.  Continue Reading

• Use Telnet alternative SSH to thwart Telnet security risks

  The inherently insecure Telnet protocol shouldn’t be used on modern networks. Learn why and what to use in its place.  Continue Reading

• Whether to change default RDP port as a virus protection best practice

  Using nonstandard ports for the RDP protocol blocks the Morto worm. But is changing port numbers a virus prevention best practice?  Continue Reading

• Is it possible to prevent DDoS attacks?

  A distributed denial-of-service (DDoS) attack can consume all your network bandwidth. Learn how to prevent a DDoS attack in this expert response.  Continue Reading

• SCIM identity management strategy: Time to outsource IdM?

  Randall Gamby outlines the SCIM identity management standard and offers identity management for those enterprises considering outsourcing.  Continue Reading

• Dynamic authorization vs. other access management technologies

  Randall Gamby discusses the advantages of dynamic authorization vs. other access management strategies and implementation best practices.  Continue Reading

• Image-based authentication: Viable alternative authentication method?

  Randall Gamby addresses the criticisms of image-based authentication and considers if it's a viable enterprise alternative authentication method.  Continue Reading

• SaaS access management: Finding the best single sign-on technology

  Expert Randall Gamby details key strategies for SaaS access management and contemporary single sign-on technology that's truly interoperable.  Continue Reading

• Can Android virtual patching thwart Android malware attacks?

  Application security expert Mike Cobb weighs the pros and cons of Android virtual patching to thwart Android malware attacks.  Continue Reading

• Explaining how trusted SSL certificates and forged SSL certificates work

  Web security relies on valid, trusted SSL certificates, but as Michael Cobb explains, forged SSL certificates undermine the model for trusted Web connections.  Continue Reading

• Best practices: Gaining executive support for the software security lifecycle

  Recent BSIMM3 study results provide guidelines for why executive support for the software security lifecycle is so important. Michael Cobb explains.  Continue Reading

• BIOS management best practices: BIOS patches and BIOS updates

  Amid growing concern over BIOS threats, expert Mike Cobb discusses how organizations should manage BIOS patches and BIOS updates.  Continue Reading

• Dangerous applications: Time to ban Internet Explorer, Adobe in the enterprise?

  CSIS says five dangerous applications are to blame for 99% of malware. Is it time to ban Internet Explorer, Flash and the others in the enterprise?  Continue Reading

• Enterprise user de-provisioning best practices: How to efficiently revoke access

  Misplaced or stagnant employee access can be dangerous; Randall Gamby details user provisioning best practices for setting up a system to combat this risk.  Continue Reading

• Talking with lawyers: How to manage information security legal issues

  Dealing with lawyers is often a challenge. Ernie Hayden offers advice for CISOs dealing with enterprise information security legal issues.  Continue Reading

• Role-based access control: Making an enterprise RBAC implementation easier

  Learn the benefits of role-based access control based on job functions of network accessing employees, and how to make an RBAC implementation easier.  Continue Reading

• Cloud endpoint security: Considerations for cloud security services

  Mike Chapple details discuses considerations for using cloud security services, specifically cloud endpoint security.  Continue Reading

• Assessing smartphone eavesdropping via keyboard vibrations

  Is smartphone eavesdropping via keyboard vibrations a credible enterprise threat? Mike Chapple explains.  Continue Reading

• QR codes security: Do malicious QR codes pose a risk?

  Expert Nick Lewis discusses QR codes security and whether malicious QR codes pose enough risk to justify disabling them.  Continue Reading

• Curb the spam virus threat via information security awareness training

  Information security awareness training doesn't always protect users from the ongoing spam virus threat. Nick Lewis offers additional measures that may help.  Continue Reading

• Does Morto worm prove inherent flaws in Windows RDP security?

  The recent Morto worm had unusual success spreading via Windows Remote Desktop Protocol. Does that mean RDP is security too weak? Nick Lewis explains.  Continue Reading

• Avoiding cloud bandwidth costs resulting from a cloud DDoS attack

  A cloud DDoS attack on Web applications in the cloud could be expensive if it results in extra cloud bandwidth costs. Learn how to plan ahead.  Continue Reading

• Personal online banking at work: Avoiding online banking security issues

  Is it OK to allow personal online banking at work? Get advice on avoiding online banking security issues with enterprise users.  Continue Reading

• Monitor outbound traffic: Full-packet capture or only capture network flow data?

  If an enterprise can't afford to implement full-packet capture, expert Mike Chapple recommends trying to capture network flow data instead.  Continue Reading

• Exchange Server administration policy: Managing privileged user access

  Randall Gamby explains the important particulars involved with setting up and securely supervising an enterprise Exchange Server administration policy.  Continue Reading

• Privileged account policy: Securely managing privileged accounts

  Randall Gamby discusses how to securely implement a privileged account policy within the enterprise and collectively manage sensitive account information.  Continue Reading

• Credential validation for an enterprise password storage vault

  Randall Gamby offers advice on the credential validation process for an enterprise password storage system.  Continue Reading

• An intro to free Microsoft security tools for secure software development

  Free Microsoft security tools Threat Modeling, MiniFuzz and RegExFuzz are designed to help developers build secure software.  Continue Reading

• How penetration testing helps ensure a secure data store

  A third-party penetration test is the best way to determine whether an online data store can be compromised.  Continue Reading

• Addressing HP netbook security with webOS discontinued

  A company contemplates the security implications of continuing an HP netbook rollout with webOS discontinued  Continue Reading

• OpenStack security analysis: Pros and cons of open source cloud software

  Expert Michael Cobb examines the open source cloud computing platform OpenStack and relevant OpenStack security issues.  Continue Reading

• Detecting and blocking suspicious logins, unusual login activity in the enterprise

  Randall Gamby dissects the delicate but crucial science of detecting and blocking suspicious logins and unusual login activity in the enterprise.  Continue Reading

• Do WebKit exploits escalate risk of Web browser attacks?

  The WebKit framework suffers from several vulnerabilities that can be exploited to conduct Web browser attacks. Expert Michael Cobb discusses the risk.  Continue Reading

• HIPAA encryption requirements: How to avoid a breach disclosure

  Learn why it's necessary to encrypt customer data with respect to HIPAA encryption requirements and what enterprises should expect.  Continue Reading

• Getting started with an ISO implementation

  Struggling to develop an ISO implementation plan? Get advice on starting an enterprise ISO implementation.  Continue Reading

• Advice for developing a vendor compliance checklist for a vendor review process

  Get advice for developing a vendor compliance checklist to support a vendor review process or a third-party vendor audit.  Continue Reading

• Is maintaining PCI compliance in the enterprise actually possible?

  Manage the ongoing struggle enterprises face in maintaining PCI compliance, weighing practicality with security necessity.  Continue Reading

• Firewall network security: Thwarting sophisticated attacks

  Firewall network security is still a critical part of securing an enterprise. Learn what sophisticated attacks a firewall can effectively prevent.  Continue Reading

• Web server encryption: Enterprise website encryption best practices

  Network security expert Mike Chapple details the fundamentals of Web server encryption and Web encryption deployment best practices.  Continue Reading

• How to bolster BIOS security to prevent BIOS attacks

  BIOS attacks can be thwarted by implementing NIST guidelines for BIOS security.  Continue Reading

• Securing IE with plug-ins Google Chrome Frame and IETab

  Web browser plug-ins can bolster IE security for legacy apps that have to run on outdated versions of Internet Explorer.  Continue Reading

• Assessing Google Chrome extension flaws and Chromebook security

  Learn how flaws in the Google Chrome extensions affect the Chromebook security and the role they play in a risk assessment.  Continue Reading

• Learning from the MySQL.com hack: How to stop website redirects

  Learn how to stop website redirects put in place by malicious hackers, and how to prevent attacks like the MySQL.com hack.  Continue Reading

• Detecting covert channels to prevent enterprise data exfiltration

  A covert channel is just one more way data can leave the network. Learn how to detect and block covert channels from threats expert Nick Lewis.  Continue Reading

• NoScript addon: A valuable addition to your antimalware toolkit

  Browser plug-ins like the NoScript add-on can help prevent malware infections when configured correctly. Expert Nick Lewis explains.  Continue Reading

• How the Google malware warning system can help minimize infections

  Eventually hackers will manipulate Google’s malware warning feature, but it may help prevent future infections.  Continue Reading

• What is ISO certified vs. ISO compliant?

  Discover the difference between an ISO 27002 certification report and an ISO 27002 compliant report.  Continue Reading

• Improving Web application security with automated attack toolkits

  It may seem counterintuitive, but you can safely use automated attack toolkits to improve your Web application security. Nick Lewis explains.  Continue Reading

• Automated file and registry monitoring tools for Windows

  A file and registry monitoring tool like Process Monitor can help IT organizations identify suspicious behavior that may be related to a malware infection.  Continue Reading

• The pros and cons of delivering Web pages over an SSL connection

  An SSL connection can help secure Web browsing, but can affect website performance. Michael Cobb explains the pros and cons of an SSL connection.  Continue Reading

• Securing applications with a network pen test

  Network penetration testing can help protect applications by uncovering weaknesses that provide an alternate route to sensitive data.  Continue Reading

• OAuth 2.0: Pros and cons of using the federation protocol

  Learn the advantages and disadvantages of using Open Authorization for Web application authentication.  Continue Reading

• Stop hackers from finding data during Web application fingerprinting

  Hackers use Web application fingerprinting to learn about their target. You can reduce the amount of information they uncover with these tips.  Continue Reading

• How to secure websites using the HSTS protocol

  Learn how to use HTTP Strict Transport Security (HSTS) to secure websites and how HSTS prevents man-in-the-middle attacks.  Continue Reading

• Incident response best practices after Sony breach

  Following the recent Sony breach, there are a few lessons other enterprises can learn about incident response.  Continue Reading

• How DHCP works and the security implications of high DHCP churn

  Learn about the potential problems with high DHCP churn and whether it should be a concern to your organization.  Continue Reading

• How secure is a VPN? Exploring the most secure remote access methods

  Virtual private networks are a common means of providing remote access, but expert Mike Chapple addresses whether it is the most secure option available.  Continue Reading

• Detecting mobile devices on a wireless guest network

  The approach to detecting mobile devices on wireless guest networks is not the same as managing mobile devices on corporate networks. Our expert explains.  Continue Reading

• How to choose application security tools for certain scenarios

  Learn about application whitelisting, application firewalls and activity monitoring, and how to choose the right application security tools and products.  Continue Reading

• Software testing methodologies: Dynamic versus static application security testing

  Learn about two software security testing methodologies – dynamic and static testing – in this expert response by Michael Cobb.  Continue Reading

• Firefox versus IE: Which is the most secure Web browser?

  Those organizations that haven’t upgraded to IE9 may consider Firefox a viable option. But is it a more secure Web browser? Michael Cobb has the answer.  Continue Reading

• Firefox 4 vs. Firefox 5: The risks of delaying an upgrade

  Given the rapid release of new versions of Firefox, is it worth upgrading to Firefox 5 or should you wait? Expert Michael Cobb offers guidance.  Continue Reading

• Windows ASLR: Investing in your secure software development lifecycle

  Implementing Windows ASLR can be a worthwhile investment in your enterprise’s secure software development lifecycle.  Continue Reading

• Open source testing tools for Web applications: Website vulnerability scanner and recon tools

  Google’s open source testing tools for Web applications can save organizations money and improve the security of Web apps.  Continue Reading

• What is a virtual directory? The essential application deployment tool

  What is a virtual directory? As expert Michael Cobb explains, it can be an extremely helpful secure application deployment tool.  Continue Reading

• Managing toolbars and other third-party browser extensions

  Third-party browser extensions like toolbars can jeopardize client security. Expert Michael Cobb discusses what can be done to manage these risks.  Continue Reading

• Java Virtual Machine architecture: Applet to applet communication

  In a Java Virtual Machine architecture, is it possible for two machines to communicate with one another? Expert Michael Cobb describes how the applet-to-applet communication process works.  Continue Reading

• Managing application permissions through isolated storage

  Application permissions are essential in securing application data. Learn how isolated storage allows secure, controlled access to application files.  Continue Reading

• Next-generation firewalls: Marketing hype or real value?

  Next-gen firewalls have some features that can be of value to large enterprises, particularly visualization and improved levels of granular control.  Continue Reading

• Comparing relational database security and NoSQL security

  In this introduction to database security, expert Michael Cobb explains the differences between relational database and NoSQL security.  Continue Reading

• Scareware removal: How to get rid of fake AV malware

  Threats expert Nick Lewis explains how to prevent and remove scareware infections.  Continue Reading

• Hacker chatter: Can hacker websites help companies anticipate attacks?

  Tracking hacker chatter could be useful for discovering attacks, but there may be other, less risky routes to finding the same information.  Continue Reading

• Browser plug-ins for search engine poisoning protection

  Learn about browser plug-ins that can help protect end users from malware delivered via search engine poisoning.  Continue Reading

• JeOs and the benefits of a virtual security appliance

  A virtual security appliance offers enterprises a number of benefits, including an optimized operating system that simplifies patch management.  Continue Reading

• OS X antivirus software: Enterprise virus protection for the Mac

  Macs should be protected against malware and unauthorized access just like their Windows counterparts. Learn how in this expert response.  Continue Reading

• Insufficient authorization: Hardening Web application authorization

  Insufficient authorization errors can lead to Web app compromises and data loss. Learn how to fix these authorization errors.  Continue Reading

• How to erase browser history proactively for enterprise security

  Attackers often try to access enterprise users’ browsing history. Expert Michael Cobb explains how to erase browser history proactively.  Continue Reading

• The fight against phishing: Utilizing SPF and DKIM authentication technology

  The fight against phishing has been waging for years. Expert Michael Cobb explains how SPF and DKIM authentication technologies could turn the tide.  Continue Reading

• Drive-by virus: How to prevent drive-by download malware

  There are several security strategies enterprises can implement to prevent drive-by download malware infections. Get tips in this expert response.  Continue Reading

• Zeus Trojan analysis: How to decode the Zeus config.bin file

  Learn how to analyze the Zeus config.bin file in order to identify targeted URLs and infected computers on your network.  Continue Reading

• Service Pack 1 for Windows 7: What you need to know

  Michael Cobb explains why Service Pack 1 for Windows 7 is different than service packs in the past.  Continue Reading

• Internet Explorer 8 XSS filter: Setting the bar for cross-site scripting prevention

  The Internet Explorer 8 XSS filter can assist in cross-site scripting prevention. Michael Cobb explains how it works in this expert response.  Continue Reading

• Symmetric key encryption algorithms and hash function cryptography united

  Can a secure symmetric key encryption algorithm be used in hash function cryptography? Learn more about these data encryption techniques.  Continue Reading

• SQL injection scanning processes for corporate SDLC methodology

  SQL injection vulnerabilities are some of the most exploited flaws. In this expert response, Nick Lewis explains how to eradicate such flaws from your Web apps.  Continue Reading

• How to prevent a spear phishing attack from infiltrating an enterprise

  While spear phishing emails are becoming harder to detect, there are still ways to prevent them. Threats expert Nick Lewis gives advice.  Continue Reading